ISO 31000:2009 IEC/ISO 31010:2009 & ISO Guide 73:2009 International Standards for the Management of Risk


1 ISO 31000:2009, IEC/ISO 31010:2009 & ISO Guide 73:2009: International Standards for the Management of Risk
Kevin W Knight AM, Chairman, UNECE GRM
PO Box 226, Nundah Qld 4012, Australia
kknight@bigpond.net.au
02/17

2 Managing Risk
- We all manage risk consciously or unconsciously, but rarely systematically.
- Managing risk means forward thinking.
- Managing risk means responsible thinking.
- Managing risk means balanced thinking.
- Managing risk is all about maximising opportunity and minimising threats.
- The risk management process provides a framework to facilitate more effective decision making.

3 History of the ISO and Risk Management
- Over 80 separate ISO and IEC Technical Committees are addressing aspects of risk management.
- 27th June 2002: ISO/IEC Guide 73, Risk Management - Vocabulary, published.
- ISO Technical Management Board (TMB) approached by Australia and Japan for AS/NZS 4360:2004 to be adopted by ISO.
- June 2005: TMB sets up Working Group (WG).
- ISO & ISO Guide 73 published; ISO/IEC published.

4 Incertitude: knowledge about outcomes versus knowledge about likelihoods

                                   KNOWLEDGE ABOUT OUTCOMES
KNOWLEDGE ABOUT LIKELIHOODS        Well-defined outcomes    Poorly defined outcomes
Some basis for probabilities       risk                     ambiguity
No basis for probabilities         uncertainty              ignorance

Source: O'Riordan, T. and Cox, P., Science, Risk, Uncertainty and Precaution. Senior Executives' Seminar, HRH the Prince of Wales's Business and the Environment Programme, University of Cambridge.

5 The Pivotal Definition
risk: effect of uncertainty on objectives
NOTE 1 An effect is a deviation from the expected, positive and/or negative.
NOTE 2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
NOTE 3 Risk is often characterized by reference to potential events and consequences, or a combination of these.
NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
[ISO Guide 73:2009]

6 risk owner: person or entity with the accountability and authority to manage a risk
control: measure that is modifying risk
NOTE 1 Controls include any process, policy, device, practice, or other actions which modify risk.
NOTE 2 Controls may not always exert the intended or assumed modifying effect.
[ISO Guide 73:2009]

7 Accountable / Responsible (yet to be defined)
Accountable: Liability for the outcomes of actions or decisions. NOTE: Includes failure to act or make decisions; OR being obligated to answer for a decision; OR obligation to answer for an action.
Responsible: Obligation to carry out duties or decisions, or control over others as directed; OR having the obligation to act; OR obligation to carry out instructions.

8 AS/NZS ISO 31000: Users
AS/NZS ISO 31000:2009 is intended to be used by a wide range of stakeholders including:
- those responsible for implementing risk management within their organization;
- those who need to ensure that an organization manages risk;
- those who need to manage risk for the organization as a whole or within a specific area or activity;
- those needing to evaluate an organization's practices in managing risk; and
- developers of standards, guides, procedures, and codes of practice that in whole or in part set out how risk is to be managed within the specific context of these documents.

9 A Business Principles Approach to the Management of Risk

10 Corporate Governance
The way in which an organisation is governed and controlled in order to achieve its objectives. The control environment makes an organisation reliable in achieving these objectives within a tolerable degree of risk. It is the glue which holds the organisation together in pursuit of its objectives, while risk management provides the resilience.
Queensland Audit Office Report No : -

11 Corporate Governance
The system by which entities are directed and controlled. Corporate governance generally refers to the processes by which organisations are directed, controlled and held to account. It encompasses authority, accountability, stewardship, leadership, direction and control exercised in the organisation.
SAA HB Governance, risk management and control assurance, Standards Australia. ISBN X

12 Risk Management's Role in Corporate Governance
[Figure: layered model of the organisation. Upper layers, Governance (accountability, supervision, strategic), marked as the potential greater future role of risk management; lower layers, Management (executive management, decision & control, operational management), marked as the traditional and current risk management application.]

13 ISO 31000:2009 Figure 1 Relationship between the principles, framework and process
Principles (Clause 3):
a) Creates value
b) Integral part of organizational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on the best available information
g) Tailored
h) Takes human and cultural factors into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the organization
Framework (Clause 4): Mandate and Commitment (4.2); Design of Framework (4.3); Implementing Risk Management (4.4); Monitoring and Review of the Framework (4.5); Continual Improvement of the Framework (4.6)
Process (Clause 5): Communication & consultation (5.2); Establishing the context (5.3); Risk assessment (5.4): Risk identification (5.4.2), Risk analysis (5.4.3), Risk evaluation (5.4.4); Risk treatment (5.5); Monitoring & review (5.6)

14 Business Principles Approach
AS/NZS ISO 31000:2009 Principles (Clause 3)
Risk management should:
1. Create value
2. Be an integral part of organisational processes
3. Be part of decision making
4. Explicitly address uncertainty
5. Be systematic and structured
6. Be based on the best available information
7. Be tailored
8. Take into account human factors
9. Be transparent and inclusive
10. Be dynamic, iterative and responsive to change
11. Be capable of continual improvement and enhancement

15 Risk management should create value
RM contributes to the achievement of objectives.
Protects value: minimises downside risk; protects people, systems and processes.

16 Risk management should be an integral part of organizational processes
RM is not a stand-alone activity from the management system of the organisation.
RM is part of the process, not an additional compliance task.

17 Risk management should be part of decision making
Risk management helps decision makers make informed choices, prioritize actions and distinguish among alternative courses of action.
Helps allocate scarce resources.

18 Risk management explicitly addresses uncertainty
Risk management explicitly takes account of uncertainty, the nature of that uncertainty, and how it can be addressed.
RM addresses uncertainty, no matter the level of uncertainty.

19 Risk management should be systematic and structured
A systematic, timely and structured approach to the management of risk contributes to efficiency and to consistent, comparable and reliable results.
The more aligned it is, the more effective and efficient.

20 Risk management should be based on the best available information
The inputs to the process of managing risk are based on information sources such as historical data, experience, stakeholder feedback, observation, forecasts and expert judgement.
Information costs money. Perfect information is not always possible.
Start with resources/expertise you have or gain easily. Increase information as the level of risk increases.

21 Risk management should be tailored
Risk management is aligned with the organization's external and internal context and risk profile.
Different risk appetites & different measurements.
Context remains one of the most difficult areas.

22 Risk management should take into account human factors
The management of risk recognizes the capabilities, perceptions and intentions of people that make every organisation different.

23 Risk management should be transparent and inclusive
Appropriate and timely involvement of stakeholders at all levels of the organization ensures that the management of risk remains relevant and up-to-date.
The management of risk must be clearly set out in job profiles/employment contracts and annual appraisals.

24 Risk management should be dynamic, iterative and responsive to change
External and internal events happen, context and knowledge change, monitoring and review take place, new risks emerge, some change, and others disappear.
Must keep RM relevant and accurate so as to support decisions and strategies.
Regular reviews of risk register and framework.
Internal audit programme informed by corporate risk register.

25 Risk management should be capable of continual improvement and enhancement
Organizations should develop and implement strategies to improve the maturity of their management of risk alongside all other aspects of their management system.
RM maturity and improvement strategies should be included in the RM Plan.

26 PDCA: the starting point of any management system (common approach used in ISO management system standards)
Plan: Define & analyse a problem and identify the root cause. Commitment and mandate; policy statement; risk management plan; assurance plan; standards; procedures/guidelines.
Do: Devise a solution; develop a detailed action plan & implement it systematically. Communicate and train (communications and reporting plan; training strategy; RM network). Organise and allocate (Board RM Committee; Exec RM Committee; Manager, RM; RM Champions; risk owners and control owners; assurance providers).
Check: Confirm outcomes against plan; identify deviations and issues. Measure and review (control assurance; RM Plan progress; governance reporting; benchmarking; performance criteria).
Act: Standardise solution; review and define next issues.

27 AS/NZS ISO 31000:2009 Risk management framework (Clause 4)
The framework in Clause 4 of AS/NZS ISO 31000:2009 is not intended to describe a management system; rather, it is to assist the organization to integrate risk management within its overall management system. Therefore, organizations should adapt the components of the framework to their specific needs.

28 AS/NZS ISO 31000:2009 Figure 2 Relationship between the components of the framework for managing risk
4.2 Mandate and commitment
4.3 Design of framework: understanding the organization and its context; establishing risk management policy; accountability; integration into organizational processes; resources; establishing internal communication and reporting mechanisms; establishing external communication and reporting mechanisms
4.4 Implementing risk management: implementing the framework for managing risk; implementing the risk management process
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework

29 Understanding the organisation and its context: External Context
Consider:
- Trends
- Key drivers
- Perceptions/values of key stakeholders
- PESTLE (Political, Economic, Social, Technological, Legal, Environmental factors)

30 Understanding the organisation and its context: Internal Context
- Governance
- Structures
- Objectives, strategies and policies
- Knowledge, skills and resources
- Organisational culture
- Contractual relationships

31 Risk Management Policy
Must be simple, achievable, understandable and auditable, with the clear mandate and commitment of top management, aligned to the organisation's culture, with the risk makers and the risk takers, the risk owners.
Document components:
- Rationale and policy links
- Accountability and responsibility
- Management of conflicts of interest
- Measurement of RM performance
- Reporting processes
- Policy review process/cycle

32 Accountability
All accountable risk owners are clearly identified and provided with authority & resources to manage risk.
- Board accountability for framework implementation
- Accountability of risk owners at all levels of the organisation clearly identified
- Performance measurement processes in place
- Reporting and escalation processes clearly established

33 Integration into organisational processes
The management of risk should be part of routine organisational processes:
- Policy development
- Business/strategic planning
- Change management
- Decision-making processes
Risk Management Plan: organisation-wide; linked to or integrated into other plans (strategic plans, implementation plans, operational plans etc).

34 Resources: expenditure on the management of risk is an investment
Good RM will make an organisation more effective, but it requires dedicated resources. Resources include:
- People: skills, experience and competence
- Time and funds: to execute the process
- Defined processes, methods and tools
- Information systems
- Awareness, education and training programs

35 Establishing internal & external communication and reporting mechanisms
Internal:
- Ongoing awareness, education and training
- Framework performance reporting and outcome reviews
- Information management
- Stakeholder engagement
External:
- Stakeholder engagement
- Regulatory reporting requirements
- Use reporting to build confidence
- Business continuity (management of disruption related risk) communication

36 Implementing risk management
Implementing the framework. Ensure:
- Appropriate timing
- Alignment with organisational strategy and processes
- Compliance with regulation
- Apply to organisational processes
- Train and educate staff
- Communicate and consult
Implementing the risk management process:
- Define the process for the organisation
- Implement at all levels (appropriate processes)
- Establish a monitoring process

37 Hierarchical Objectives
Strategic: designed to provide the direction required to achieve strategic goals. These are usually long-term plans with a minimum timeframe of three to five years.
Tactical: designed to further the implementation of the strategic plan, addressing tactical goals, following a shorter timeframe of generally one to three years.
Operational: designed to further the implementation of tactical plans and addressing operational goals. These plans have a much shorter timeframe of usually less than one year, sometimes with a timeframe of months, weeks or days.

38 Organisational Objectives
There are generally three levels of objectives in any organisation, which align to the type of plan that will be implemented to help attain them. The three levels are strategic, tactical and operational.
Strategic objectives are usually very general by nature, describing future results which have been determined by management. These generally describe the vision/mission for ensuring the success of the organisation. For example, a strategic objective of a University might be to: Increase revenue from overseas students by 15%.

39 Organisational Objectives
Tactical objectives are set by middle management for specific departments or business units. They are aligned to the strategic objectives and articulate what each department or business unit must do to achieve higher level objectives. For example, the tactical objective of the marketing department of the University may be: To increase the advertising campaigns in the Asia-Pacific region from one to three per year.

40 Organisational Objectives
Operational objectives are more specific in nature, set by lower management to address the requirements set by tactical objectives. For example, the operational objective of the marketing team may be: To develop and implement two new advertising campaigns targeted at the Asia-Pacific region.

41 Organisational Risk Criteria
[Figure: spectrum of attitudes to risk. At one end: denial, dislike, disinclination, aversion. In the middle: the risk tolerance range, set by strategic management decision and corporate culture. At the other end: excessive appetite, indecision, irresponsible, impulsive.]

42 Operational Risk Management Cycle
[Figure: annual cycle of stages: strategic planning; conduct risk profiling; determine risk treatment actions; budget and business planning; implement and monitor treatment actions; review performance. Milestones are marked at Jan (strategic planning), May (budget and business planning) and Sep.]

43 AS/NZS ISO 31000:2009 Risk management process (Clause 5)
The process should be an integral part of management, be embedded in culture and practices and tailored to the business processes of the organization. It includes five activities:
- communication and consultation;
- establishing the context;
- risk assessment;
- risk treatment; and
- monitoring and review.

44 ISO 31000:2009 Process Overview
[Figure: Establishing the context; Risk assessment (Risk identification, Risk analysis, Risk evaluation); Risk treatment; with Communication & consultation and Monitor & review running alongside every stage.]

45 ISO 31000:2009 Risk management process in detail
5.2 Communication & consultation (throughout the process)
5.3 Establishing the context: external context; internal context; risk management process context; developing risk criteria
5.4 Risk assessment:
- Risk identification: what can happen, when, where, how & why
- Risk analysis: determine existing controls; determine consequences; determine likelihood; estimate level of risk
- Risk evaluation: compare against criteria; identify & assess options; decide on response; establish priorities
5.5 Risk treatment: selection of risk treatment options; preparing and implementing risk treatment plans
5.6 Monitor & review (throughout the process)

46 ISO/IEC 31010:2009 Risk Management - Risk Assessment Techniques
In particular, those carrying out risk assessments should be clear about:
- the context and objectives of the organization;
- the extent and type of risks that are tolerable, and how unacceptable risks are to be treated;
- how risk assessment integrates into organizational processes;
- methods and techniques to be used for risk assessment, and their contribution to the risk management process;
- accountability, responsibility and authority for performing risk assessment;
- resources available to carry out risk assessment;
- how the risk assessment will be reported and reviewed.

47 ISO/IEC 31010:2009 Risk Management - Risk Assessment Techniques
Risk assessment attempts to answer the following fundamental questions:
- what can happen and why (by risk identification)?
- what is the likelihood of their future occurrence?
- what are the consequences?
- are there any factors that reduce the likelihood of the risk or that mitigate the consequence of the risk?

48 ISO 31000:2009 Annex A (Informative) Attributes of enhanced risk management
1. A pronounced emphasis on continuous improvement in risk management through the setting of organizational performance goals, measurement, review and the subsequent modification of processes, systems, resources and capability/skills.
2. Comprehensive, fully defined and fully accepted accountability for risks, controls and treatment tasks. Named individuals fully accept, are appropriately skilled and have adequate resources to check controls, monitor risks, improve controls and communicate effectively about risks and their management to interested parties.

49 ISO 31000:2009 Annex A (Informative) Attributes of enhanced risk management
3. All decision making within the organization, whatever the level of importance and significance, involves the explicit consideration of risks and the application of the risk management process to some appropriate degree.
4. Continual communications and highly visible, comprehensive and frequent reporting of risk management performance to all interested parties as part of a governance process.

50 ISO 31000:2009 Annex A (Informative) Attributes of enhanced risk management
5. Risk management is always viewed as a core organizational process where risks are considered in terms of sources of uncertainty that can be treated to maximize the chance of gain while minimizing the chance of loss. Critically, effective risk management is regarded by senior managers as essential for the achievement of the organization's objectives. The organization's governance structure and process are founded on the risk management process.

51 ISO 31000:2009 Reducing the Risk in Risk Management
- Avoids organisations re-inventing the wheel
- Allows all to benefit from proven best practice
- Provides a universal benchmark
- Reduces barriers to trade
- Advises exactly what you need to do and how you need to do it: no wasted effort and no false starts
- Scalable: works for all sizes of organisation
Risk management = making optimal decisions in the face of uncertainty

52 And Finally!!
- ISO 31000:2009 is the natural successor to AS/NZS 4360:2004.
- It will fit ERM requirements, but will also allow silo/project risk management.
- Following ISO 31000:2009 will provide a low cost, high chance of success approach to ERM.
- ISO 31000:2009 will add value and reduce risk in risk management.
- Managing risk is about creating value out of uncertainty.

53 YOU DO NOT HAVE TO MANAGE RISK!! SURVIVAL IS NOT COMPULSORY

54 The greatest risk of all is to take no risk at all!

55 The Journey Continues
A journey. A race. In pursuit of performance. Building Value.
ISO 31000, IEC/ISO and ISO Guide 73 provide generic guidance on how to embrace the management of risk in order to maximise the opportunities and minimise the threats to the achievement of your objectives.
[Figure: risk management process wheel with numbered steps 1. Strategic context; 2. Identify threats and opportunities; 3. Analyze; 4. Assess; 5. Assess/...; 7. Manage the risk; surrounded by Communication & consultation and Monitoring & review; set within the organisation's culture, communication, structure, direction and processes.]

56 Documents in red are suggested as the foundational documents of a reference library for those keen to understand the management of risk.
The following guidance documents are available online from:
- ISO 31000:2009 Risk management - Principles and guidelines
- ISO Guide 73:2009 Risk management - Vocabulary
- ISO 31000: Risk management - A practical guide for SMEs. ISO, International Trade Centre and the United Nations Industrial Development Organization. ISBN , 2015
- ISO/TR 31004:2013 Risk management - Guidance for the implementation of ISO 31000, ISO (also published by BSI as PD ISO/TR 31004:2013)
- BS 31100:2011 Risk management. Code of practice and guidance for the implementation of BS ISO 31000, British Standards Institute, ISBN:

57 Guidance documents (continued)
- CSA Q31001:2011 Implementation Guide To CAN/CSA-ISO 31000, Risk Management - Principles And Guidelines, Canadian Standards Association
- NWA 31000:2010 National Guidance on Implementing I.S. ISO 31000:2009 Risk Management - Principles and Guidelines, National Standards Authority of Ireland
- Swift Compendium for Business, National Standards Authority of Ireland/Institute of Directors in Ireland
- ÖNORM ONR :2010 Risk Management For Organizations And Systems - Part 1: Guidelines For Embedding The Risk Management In The Management System - Implementation Of ISO 31000, Austrian Standards Institute
- ÖNORM ONR :2010 Risk Management For Organizations And Systems - Part 2: Guideline For Methodologies In Risk Assessment - Implementation Of ISO 31000, Austrian Standards Institute
- ÖNORM ONR :2010 Risk Management For Organizations And Systems - Part 3: Guidelines For Emergency, Crisis And Business Continuity Management - Implementation Of ISO 31000, Austrian Standards Institute

58 The following Australian/New Zealand documents are available online from:
- SA/SNZ HB 89:2013 Risk management - Guidelines on risk assessment techniques, Standards Australia/Standards New Zealand, ISBN
- AS/NZS 5050:2010 Business continuity - Managing disruption related risk
- AS/NZS ISO/IEC 27005: Information technology - Security techniques - Information security risk management (ISO/IEC 27005:2011, MOD)
- SAA HB 141 (Rev):2011 Risk Financing Guidelines, Standards Australia
- SAA HB 158 (Rev):2010 Delivering assurance based on ISO 31000:2009 Risk Management, Standards Australia
- SAA/NZS HB 203:2012 Environmental risk management - Principles and process, Standards Australia/Standards New Zealand
- SAA/NZS HB 246 (Rev):2010 Guidelines for Managing Risk in Sport and Recreation, Standards Australia/Standards New Zealand, 18 August 2010
- SAA HB 266:2010 Guide for managing risk in Not-For-Profit organisations, Standards Australia, 13 August 2010
- SAA/NZS HB 327:2010 Communicating and consulting about risk, Standards Australia/Standards New Zealand, ISBN , Standards Australia, 2010
- SA/SNZ HB Risk Management Guidelines - Companion to AS/NZS ISO 31000:2009, Standards Australia/Standards New Zealand, ISBN

59 The following Handbooks based on the superseded AS/NZS 4360:2004 require revision to bring them into harmonisation with AS/NZS ISO 31000:2009:
- HB 167: Security risk management, Standards Australia/Standards New Zealand
- SAA HB 231:2004 Information Security Risk Management Guidelines, Standards Australia
- SAA HB Guidelines for Managing Risk in Outsourcing using the AS/NZS 4360:2004 Process, Standards Australia
- SAA/NZS 221:2004 Business Continuity Management, Standards Australia/Standards New Zealand
- SAA HB 292:2006 A Practitioner's Guide to Business Continuity Management, Standards Australia (2006)
- SAA HB 293:2006 An Executive Guide to Business Continuity Management, Standards Australia (2006)
(NOTE: HBs 221, 292 & 293 have been superseded by AS/NZS 5050:2010. A new HB may be developed as a companion to AS/NZS 5050:2010.)
- SA HB 296:2007 Legal Risk Management, Standards Australia (2007), ISBN


More information

From the cube to the rainbow double helix: a risk practitioner s guide to the COSO ERM Frameworks

From the cube to the rainbow double helix: a risk practitioner s guide to the COSO ERM Frameworks From the cube to the rainbow double helix: a risk practitioner s guide to the COSO ERM Frameworks Review of the 2004 and 2017 Enterprise Risk Management (ERM) frameworks published by COSO and commentary

More information

9th April 2008 Copyright Implementing ISO 31000...but how do you do it? Copyright Capital International Pty Ltd, 2008 BROADLEAF CAPITAL INTERNATIONAL PTY LTD ABN 24 054 021 117 23 Bettowynd Road Pymble

More information

ISO 45001: 10th April 2018

ISO 45001: 10th April 2018 ISO 45001: 10 th April 2018 ISO 45001: A new international standard for OH&S management systems Rob Pugh, Senior Consultant Audit and consultancy. A new international standard for OH&S management systems

More information

ISO/IEC INTERNATIONAL STANDARD. Corporate governance of information technology. Gouvernance des technologies de l'information par l'entreprise

ISO/IEC INTERNATIONAL STANDARD. Corporate governance of information technology. Gouvernance des technologies de l'information par l'entreprise INTERNATIONAL STANDARD ISO/IEC 38500 First edition 2010-06-01 Corporate governance of information technology Gouvernance des technologies de l'information par l'entreprise Reference number ISO/IEC 38500:2008(E)

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY Clinical Governance & Risk Management Department Warning Document uncontrolled when printed Policy Reference: RM 2.0 Date of Issue: TBC Prepared by: Risk Management Short Life Date

More information

Introducing ISO 22301

Introducing ISO 22301 Introducing ISO 22301 1 2 Background How was the ISO22301 formed? Contributors 3 Context 4 Source documents included BS25999-2 NFPA 1600 ASIS OR standard Singapore standards ISO 27031 ISO Guide 73 ISOPAS22399

More information

29/11/2017. Risk Management Policy

29/11/2017. Risk Management Policy 1 Purpose APA Group (APA) is Australia s leading energy infrastructure business delivering smart, reliable and safe solutions through our deep industry knowledge and interconnected infrastructure. Risk

More information

LICENCE. for. Click here for full conditions of Licence WEB LINKS. Check if this document is current. Find similar documents

LICENCE. for. Click here for full conditions of Licence WEB LINKS. Check if this document is current. Find similar documents LICENCE for Licensee: Date: Conditions of use: Click here for full conditions of Licence WEB LINKS Check if this document is current Find similar documents StandardsWatch (info and login) Visit our website

More information

From the cube to the rainbow double helix: a risk practitioner s guide to the COSO ERM Frameworks

From the cube to the rainbow double helix: a risk practitioner s guide to the COSO ERM Frameworks From the cube to the rainbow double helix: a risk practitioner s guide to the COSO ERM Frameworks Review of the 2004 and 2017 Enterprise Risk Management (ERM) frameworks published by COSO and commentary

More information

Fraud Risk Management

Fraud Risk Management Fraud Risk Management Fraud Risk Management Overview 2017 Association of Certified Fraud Examiners, Inc. Discussion Questions 1. Does your organization follow a specific risk management model? If so, which

More information

Sample Strategy and Value Oversight Policy

Sample Strategy and Value Oversight Policy Sample Strategy and Value Oversight Policy This document provides a sample Strategy & Value Oversight policy which includes a high level overview of the key roles and responsibilities of the various participants.

More information

RISK IN ISO 9001:2015

RISK IN ISO 9001:2015 RISK IN ISO 9001:2015 1. Objective of this paper to explain how risk is addressed in ISO 9001 to explain what is meant by opportunity in ISO 9001 to address the concern that risk based thinking replaces

More information

IRM s Professional Standards in Risk Management PART 1 Consultation: Functional Standards

IRM s Professional Standards in Risk Management PART 1 Consultation: Functional Standards IRM s Professional Standards in Risk PART 1 Consultation: Functional Standards Setting standards Building capability Championing learning and development Raising the risk profession s profile Supporting

More information

The Role of ISO Standards in Governance, Risk and Compliance Management for Today s Business

The Role of ISO Standards in Governance, Risk and Compliance Management for Today s Business The Role of ISO Standards in Governance, Risk and Compliance Management for Today s Business HKQAA Symposium 2017 Dr Nigel H Croft May 2017 (C) Nigel H Croft 2017 - All rights reserved 1 Governance The

More information

Asset management Overview, principles and terminology

Asset management Overview, principles and terminology ISO 2012 All rights reserved ISO/PC 251/N183 Date: 2012-02-26 ISO/CD 55000.2 ISO/TC 251/WG 1 Secretariat: BSI Asset management Overview, principles and terminology Gestion d'actifs Vue d'ensemble, les

More information

ISO 9001:2015 Your implementation guide

ISO 9001:2015 Your implementation guide ISO 9001:2015 Your implementation guide ISO 9001 is the world s most popular management system standard Updated in 2015 to make sure it reflects the needs of modern-day business, ISO 9001 is the world

More information

ISO whitepaper, January Inspiring Business Confidence.

ISO whitepaper, January Inspiring Business Confidence. Inspiring Business Confidence. ISO 31000 whitepaper, January 2015 Author: Graeme Parker enquiries@parkersolutionsgroup.co.uk www.parkersolutionsgroup.co.uk ISO 31000 is an International Standard for Risk

More information

ISO 9001:2015 Your implementation guide

ISO 9001:2015 Your implementation guide ISO 9001:2015 Your implementation guide ISO 9001 is the world s most popular management system standard Updated in 2015 to make sure it reflects the needs of modern-day business, ISO 9001 is the world

More information

ISO Revisions. ISO 9001 Whitepaper. The importance of risk in quality management. Approaching change

ISO Revisions. ISO 9001 Whitepaper. The importance of risk in quality management. Approaching change ISO Revisions ISO 9001 Whitepaper The importance of risk in quality management Approaching change Background and overview to the ISO 9001:2015 revision As an International Standard, ISO 9001 is subject

More information

ISO 31000, a risk management standard for decision-makers

ISO 31000, a risk management standard for decision-makers ISO 31000, a risk management standard for decision-makers Alex Dali, MBA, ARM, CT31000 President Global Institute for Risk Management Standards - G31000 Alex.Dali@G31000.org Risk management foundations

More information

CGEIT Certification Job Practice

CGEIT Certification Job Practice CGEIT Certification Job Practice Job Practice A job practice serves as the basis for the exam and the experience requirements to earn the CGEIT certification. This job practice consists of task and knowledge

More information

ISO/IEC JTC 1 N 10998

ISO/IEC JTC 1 N 10998 ISO/IEC JTC 1 N 10998 ISO/IEC JTC 1 Information technology Secretariat: ANSI (USA) Document type: Title: Status: Text for PDTR ballot or comment Text of 2nd PDTR 38502, Governance of IT - Framework and

More information

The viability statement. Finding opportunities in the new regulatory challenge March 2015

The viability statement. Finding opportunities in the new regulatory challenge March 2015 The viability statement Finding opportunities in the new regulatory challenge March 2015 Foreword The clock is already ticking for directors of listed 1 companies with accounting periods beginning on or

More information

ISO 28002: RESILIENCE IN THE SUPPLY CHAIN: REQUIREMENTS WITH GUIDANCE FOR USE

ISO 28002: RESILIENCE IN THE SUPPLY CHAIN: REQUIREMENTS WITH GUIDANCE FOR USE Version 1b: September 5, 2009 ISO 28002: RESILIENCE IN THE SUPPLY CHAIN: REQUIREMENTS WITH GUIDANCE FOR USE Draft Version 1b: September 5, 2009 Abstract A comprehensive management systems approach to prevent,

More information

International Organisation for Standards: ISO 14001:2015 Review

International Organisation for Standards: ISO 14001:2015 Review International Organisation for Standards: ISO 14001:2015 Review I recently attended the IEMA making the Transition to ISO 14001:2015 course and wish to inform you with a summary of the ISO 14001:2015 changes.

More information

Enterprise Risk Management And Beyond. Copyright WHA Insurance

Enterprise Risk Management And Beyond. Copyright WHA Insurance Enterprise Risk Management And Beyond Copyright WHA Insurance Presented by Jeff Griffin September 18, 2018 ERM And Beyond Today s goals are: 1. What is ERM and why it s important to your organization 2.

More information

REPORT 2015/077 INTERNAL AUDIT DIVISION

REPORT 2015/077 INTERNAL AUDIT DIVISION INTERNAL AUDIT DIVISION REPORT 2015/077 Advisory engagement to assist the International Trade Centre in its efforts to develop a risk management framework 29 July 2015 Assignment No. VE2014/350/01 CONTENTS

More information

Information technology Security techniques Information security management systems Overview and vocabulary

Information technology Security techniques Information security management systems Overview and vocabulary INTERNATIONAL STANDARD ISO/IEC 27000 Third edition 2014-01-15 Information technology Security techniques Information security management systems Overview and vocabulary Technologies de l information Techniques

More information

HOW TO USE AND APPLY ISO/TR 31004:2013 The convergence of Quality & Risk Management

HOW TO USE AND APPLY ISO/TR 31004:2013 The convergence of Quality & Risk Management HOW TO USE AND APPLY ISO/TR 31004:2013 The convergence of Quality & Risk Management Mr Jeff JONES AQUAS Pty Ltd BIOGRAPHY How to use and apply ISO/TR 31004:2013 - the convergence of Quality & Risk Management

More information

ISO Business Continuity Management. Your implementation guide

ISO Business Continuity Management. Your implementation guide ISO 22301 Business Continuity Management Your implementation guide Build a robust and resilient organization with ISO 22301 It s never been more important to protect your business from the unexpected.

More information

ISO 31000, a risk management standard for decision-makers

ISO 31000, a risk management standard for decision-makers ISO 31000, a risk management standard for decision-makers Alex Dali, MBA, ARM President at G31000 Alex.Dali@G31000.org About ISO 31000 History Scope Structure Users Benefits About the First global survey

More information

ISO The Future of Risk? Finnish Risk Management Association Future of Risk Seminar September 21 th 2010

ISO The Future of Risk? Finnish Risk Management Association Future of Risk Seminar September 21 th 2010 ISO 31 000 The Future of Risk? Finnish Risk Management Association Future of Risk Seminar September 21 th 2010 Agenda 1 The Changing Landscape of Risk Management 2 A Brief Introduction to the New International

More information

OPERATIONAL DIRECTIVE REF. OD.FG RISK MANAGEMENT

OPERATIONAL DIRECTIVE REF. OD.FG RISK MANAGEMENT Headquarters, Copenhagen 15 March 2018 OPERATIONAL DIRECTIVE REF. OD.FG.2018.03 RISK MANAGEMENT 1. Authority 1.1. This Operational Directive (OD) is promulgated by the Director, Finance Group (FG), on

More information

CGMA Competency Framework

CGMA Competency Framework CGMA Competency Framework Technical skills CGMA Competency Framework 1 Technical skills : This requires a basic understanding of the business structures, operations and financial performance, and includes

More information

ISO 45001:2018 Occupational health and safety standard

ISO 45001:2018 Occupational health and safety standard Amendment to RMS Study book for the NEBOSH National General Certificate Unit NGC1 Only First Edition Due to the release of the new Occupational health and safety standard ISO 45001 which has replaced OHSAS

More information

ISO/TR TECHNICAL REPORT. Information and documentation Records management Part 2: Guidelines

ISO/TR TECHNICAL REPORT. Information and documentation Records management Part 2: Guidelines TECHNICAL REPORT ISO/TR 15489-2 First edition 2001-09-15 Information and documentation Records management Part 2: Guidelines Information et documentation «Records management» Partie 2: Guide pratique Reference

More information

Risk frameworks. Driving business strategy with effective risk frameworks

Risk frameworks. Driving business strategy with effective risk frameworks Risk frameworks Driving business strategy with effective risk frameworks Integrating risk management with business strategy Each year, a board begins its planning period with a set of strategic options

More information

Quality Management System Guidance. ISO 9001:2015 Clause-by-clause Interpretation

Quality Management System Guidance. ISO 9001:2015 Clause-by-clause Interpretation Quality Management System Guidance ISO 9001:2015 Clause-by-clause Interpretation Table of Contents 1 INTRODUCTION... 4 1.1 IMPLEMENTATION & DEVELOPMENT... 5 1.2 MANAGING THE CHANGE... 5 1.3 TOP MANAGEMENT

More information

INTERNAL AUDIT AND ASSURANCE MANDATE

INTERNAL AUDIT AND ASSURANCE MANDATE INTERNAL AUDIT AND ASSURANCE MANDATE 1. Establishment 1.1. This Mandate defines the functions, powers and duties of the Internal Audit and Assurance function. The Mandate is reviewed by the Audit, Risk

More information

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) Operational Risk Management MARCH 2017 STATUS OF GUIDANCE The Isle of Man Financial Services Authority ( the Authority ) issues guidance for

More information

POLICY ON RISK MANAGEMENT

POLICY ON RISK MANAGEMENT POLICY ON RISK MANAGEMENT This Policy was approved by the Board of Trustees on March 14, 2017. Table of Contents 1. INTRODUCTION... 1 2. OBJECTIVE... 1 3. APPLICATION... 1 4. POLICY... 1 5. ROLES AND RESPONSIBILITIES...

More information

Gap Analysis Checklist ISO 14001:2015 Self-assessment

Gap Analysis Checklist ISO 14001:2015 Self-assessment The gap analysis checklist is one of the first tools available from the auditor s toolbox. The self-assessment questions will help you to identify gaps between your existing Environmental Management System

More information

Foundation for Sustainability

Foundation for Sustainability Foundation for Sustainability Introduction The concept of sustainability is made difficult to understand because of the failure to indicate the perspective associated with its application and the hodgepodge

More information

COSO ERM: Integrating with Strategy and Performance. Michael Parkinson

COSO ERM: Integrating with Strategy and Performance. Michael Parkinson COSO ERM: Integrating with Strategy and Performance Michael Parkinson Content The COSO Frameworks Risk (Enterprise) Risk Management The COSO risk management framework A few highlights Questions for management

More information

Apply accounting and finance skills. And lead within the organisation

Apply accounting and finance skills. And lead within the organisation THE CGMA COMPETENCY FRAMEWORK IS COMPRISED OF FOUR KNOWLEDGE AREAS Technical Skills, Business Skills, People Skills and Leadership Skills. These knowledge areas are underpinned by ethics, integrity and

More information

Risk Management Implementation Plan

Risk Management Implementation Plan 41 07 Management Author: Dr Kevin Street; Interim Chief Officer Date: 20 November 2015 Version: 1 Sponsoring Executive Director: Rhiannon Beaumont-Wood Who will present: Kevin Street Date of Board / Committee

More information

Risk Management Policy

Risk Management Policy 9 Spokes International Limited Risk Management Policy Last Updated: May 2016 9 Spokes International Limited Risk Management Policy 1 Contents 1 Introduction... 3 2 Purpose... 3 3 Scope... 3 4 General roles

More information

Certification Candidates Examination Guide

Certification Candidates Examination Guide Certification Candidates Examination Guide Certification Candidates Examination Guide V2 5 Page 1 of 15 Contents Introduction... 3 Knowledge Based Examination... 3 Body of Knowledge... 3 1. Domains...

More information

Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali

Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali MANAGING OPERATIONAL RISK IN THE 21 ST CENTURY White Paper Series Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali 2 In today s competitive and

More information

AS/NZS ISO 30301:2012

AS/NZS ISO 30301:2012 (ISO 30301:2011,MOD) Australian/New Zealand Standard Information and documentation Recordkeeping Requirements AS/NZS ISO 30301:2012 This Joint Australian/New Zealand Standard was prepared by Joint Technical

More information

ISO Understanding the new international standard for Occupational Health & Safety

ISO Understanding the new international standard for Occupational Health & Safety ISO 45001 Understanding the new international standard for Occupational Health & Safety ISO 45001 - Understanding the new international standard for occupational health & safety The new international way

More information

Operational Risk Management Policy

Operational Risk Management Policy Contents Introduction & Scope... 2 Risk Management... 3 Risk Management Objectives... 3 Categorising Risk at an Organisational Level... 3 Risk Management Processes... 4 Risk Management Activities... 6

More information

TEMPLATE. Asset Management. Assetivity

TEMPLATE. Asset Management. Assetivity TEMPLATE Asset Management Assetivity EXECUTIVE SUMMARY This section provides an overview of the Strategic Asset Management Plan (SAMP) including: Purpose of the document Overall strategy statement List

More information

POSITION DESCRIPTION

POSITION DESCRIPTION Programme Delivery Manager POSITION DESCRIPTION Unit/Branch, Directorate: Location: Capability Directorate Wellington Salary range: J $106,860 - $160,290 Purpose of position: The Programme Delivery Manager

More information

AS/NZS ISO 9001:2016. Quality management systems Requirements AS/NZS ISO 9001:2016. Australian/New Zealand Standard. Superseding AS/NZS ISO 9001:2008

AS/NZS ISO 9001:2016. Quality management systems Requirements AS/NZS ISO 9001:2016. Australian/New Zealand Standard. Superseding AS/NZS ISO 9001:2008 AS/NZS ISO 9001:2016 (ISO 9001:2015, IDT) Australian/New Zealand Standard Quality management systems Requirements Superseding AS/NZS ISO 9001:2008 AS/NZS ISO 9001:2016 AS/NZS ISO 9001:2016 This joint Australian/New

More information

CFOs: The catalyst for integrating strategy, risk and finance

CFOs: The catalyst for integrating strategy, risk and finance CFOs: The catalyst for integrating strategy, risk and finance July 2012 Australian resources companies have always had to contend with fluctuating commodity prices. However, the volatility of today s markets

More information

CGMA Competency Framework

CGMA Competency Framework CGMA Competency Framework Technical Skills CGMA Competency Framework 8 Technical Skills : This requires a basic understanding of the business structures, operations and financial performance, and includes

More information

AUDIT REPORT NOVEMBER

AUDIT REPORT NOVEMBER RISK MANAGEMENT AUDIT REPORT NOVEMBER 2009 TABLE OF CONTENTS EXECUTIVE SUMMARY........3 STATEMENT OF ASSURANCE......6 1 INTRODUCTION...7 BACKGROUND......7 AUDIT OBJECTIVES.........9 AUDIT SCOPE AND APPROACH........9

More information

Conformity and Certification against ISO 55001

Conformity and Certification against ISO 55001 Conformity and Certification against ISO 55001 Presentation IQ-AM Pty Ltd RTO 22515 ABN 77147017525 Some content from other sources utilised for educational purposes Tom Carpenter CEO, IQ-AM Pty Ltd ISO

More information

Specialists in Strategic, Enterprise and Project Risk Management. Cura Webcast on ISO 31000, 10 December 2008

Specialists in Strategic, Enterprise and Project Risk Management. Cura Webcast on ISO 31000, 10 December 2008 BROADLEAF CAPITAL INTERNATIONAL PTY LTD ABN 24 054 021 117 23 Bettowynd Road Tel: +61 2 9488 8477 Pymble Mobile: 0419 433 184 NSW 2073 Fax: + 61 2 9488 9685 Australia www.broadleaf.com.au Cooper@Broadleaf.com.au

More information

ISO Standards in Strengthening Organizational Resilience, Mitigating Risk & Addressing Sustainability Concerns

ISO Standards in Strengthening Organizational Resilience, Mitigating Risk & Addressing Sustainability Concerns ISO Standards in Strengthening Organizational Resilience, Mitigating Risk & Addressing Sustainability Concerns 13 December 2016 Joe Muratore Copyright 2012 BSI. All rights reserved. Enterprise Risk Management

More information

ISO Food Safety Management Systems Your implementation guide

ISO Food Safety Management Systems Your implementation guide ISO 22000 Food Safety Management Systems Your implementation guide ISO 22000 Food safety management systems How ISO 22000 works The World Health Organization estimates that one in ten people fall ill and

More information

Job Description. Salary & Benefits 38,151 44,766 + Final Salary Pension (Lothian Pension Fund), 25 Days holiday + 10 stats, and 36.

Job Description. Salary & Benefits 38,151 44,766 + Final Salary Pension (Lothian Pension Fund), 25 Days holiday + 10 stats, and 36. Job Description Job title: Reports to: Head of Resources Chief Executive Officer Salary & Benefits 38,151 44,766 + Final Salary Pension (Lothian Pension Fund), 25 Days holiday + 10 stats, and 36.5 working

More information

AUSTRALIAN ENGINEERING COMPETENCY STANDARDS STAGE 2 - EXPERIENCED PROFESSIONAL ENGINEER IN LEADERSHIP AND MANAGEMENT

AUSTRALIAN ENGINEERING COMPETENCY STANDARDS STAGE 2 - EXPERIENCED PROFESSIONAL ENGINEER IN LEADERSHIP AND MANAGEMENT AUSTRALIAN ENGINEERING COMPETENCY STANDARDS STAGE 2 - EXPERIENCED IN LEADERSHIP AND MANAGEMENT The Stage 2 Competency Standards are the profession's expression of the knowledge and skill base, engineering

More information

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector The Sector Skills Council for the Financial Services Industry National Occupational Standards Risk Management for the Financial Sector Final version approved April 2009 IMPORTANT NOTES These National Occupational

More information

Technical Specification

Technical Specification ISO/TS 9002:2016 SA TS ISO 9002:2017 Technical Specification Quality management systems Guidelines for the application of ISO 9001:2015 This Australian Technical Specification was prepared by Committee

More information

COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY

COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY 1. INTRODUCTION The effective management of risk is central to the ongoing success and resilience of Coca-Cola Hellenic Bottling Company (CCHBC).

More information

Libor. the risk lesson

Libor. the risk lesson riskupdate GLOBAL The quarterly independent risk review for banks and financial institutions worldwide august 2012 Libor the risk lesson Also in this issue n What Makes a Chief Risk Officer Great? n Making

More information

VOLKER STEVIN POSITION PROFILE

VOLKER STEVIN POSITION PROFILE VOLKER STEVIN POSITION PROFILE Position: Business Process Advisor Status: Full Time - Salary Company: Volker Stevin Canada Location: Calgary, Alberta Division: Corporate Supervisor: Chief Financial Officer

More information

ISO Standards in Strengthening Organizational Resilience and Mitigating Risk while Addressing Quality and Sustainability

ISO Standards in Strengthening Organizational Resilience and Mitigating Risk while Addressing Quality and Sustainability ISO Standards in Strengthening Organizational Resilience and Mitigating Risk while Addressing Quality and Sustainability January 20, 2017 Copyright 2012 BSI. All rights reserved. Who is BSI? By Royal Charter:

More information

April 2017 Latest update. ISO/DIS Understanding the new international standard for occupational health & safety

April 2017 Latest update. ISO/DIS Understanding the new international standard for occupational health & safety April 2017 Latest update ISO/DIS 45001.2 Understanding the new international standard for occupational health & safety ISO/DIS 45001.2 - Understanding the new international standard for occupational health

More information

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM) The Intersection of Enterprise-wide Risk (ERM) and Business Continuity (BCM) Marc Dominus 2005 Protiviti Inc. EOE Agenda Terminology and Process Introductions ERM Process Overview BCM Process Overview

More information

Gleim CIA Review Updates to Part Edition, 1st Printing June 2018

Gleim CIA Review Updates to Part Edition, 1st Printing June 2018 Page 1 of 15 Gleim CIA Review Updates to Part 1 2018 Edition, 1st Printing June 2018 Study Unit 3 Control Frameworks and Fraud Pages 66 through 69 and 76 through 77, Subunit 3.2: In accordance with the

More information

For a leader to be effective in today s uncertain world, they have to. understand the nature of complexity and adapt their leadership role in a

For a leader to be effective in today s uncertain world, they have to. understand the nature of complexity and adapt their leadership role in a Exercise and Testing IDRC 2010 Emergent Leadership For a leader to be effective in today s uncertain world, they have to understand the nature of complexity and adapt their leadership role in a manner

More information

Risk Watch Thought Leadership in Risk and Governance

Risk Watch Thought Leadership in Risk and Governance Review May 2012 Risk Watch Thought Leadership in Risk and Governance TELUS 10-Year Enterprise Risk Governance Journey [ Pages 2 7 ] Risk Interconnectivity: Increasing Risk Intelligence at the Canada Revenue

More information

Significant Service Contracts Framework

Significant Service Contracts Framework 1 Significant Service Contracts Framework The Significant Service Contracts Framework is delivered by New Zealand Government Procurement (NZGP). NZGP delivers on the Ministry of Business Innovation and

More information